+ if( sign.type != BINARY_SIGNATURE && sign.type != TEXT_SIGNATURE )
+ {
+ msg_Err( p_update->p_libvlc, "Invalid signature type" );
+ goto error;
+ }
+
+ p_update->p_pkey = (public_key_t*)malloc( sizeof( public_key_t ) );
+ if( !p_update->p_pkey )
+ goto error;
+
+ if( parse_public_key( videolan_public_key, sizeof( videolan_public_key ),
+ p_update->p_pkey, NULL ) != VLC_SUCCESS )
+ {
+ msg_Err( p_update->p_libvlc, "Couldn't parse embedded public key, something went really wrong..." );
+ FREENULL( p_update->p_pkey );
+ goto error;
+ }
+
+ memcpy( p_update->p_pkey->longid, videolan_public_key_longid, 8 );
+
+ if( memcmp( sign.issuer_longid, p_update->p_pkey->longid , 8 ) != 0 )
+ {
+ msg_Dbg( p_update->p_libvlc, "Need to download the GPG key" );
+ public_key_t *p_new_pkey = download_key(
+ VLC_OBJECT(p_update->p_libvlc),
+ sign.issuer_longid, videolan_public_key_longid );
+ if( !p_new_pkey )
+ {
+ msg_Err( p_update->p_libvlc, "Couldn't download GPG key" );
+ FREENULL( p_update->p_pkey );
+ goto error;
+ }
+
+ uint8_t *p_hash = key_sign_hash( p_new_pkey );
+ if( !p_hash )
+ {
+ msg_Err( p_update->p_libvlc, "Failed to hash signature" );
+ free( p_new_pkey );
+ FREENULL( p_update->p_pkey );
+ goto error;
+ }
+
+ if( verify_signature( p_new_pkey->sig.r, p_new_pkey->sig.s,
+ &p_update->p_pkey->key, p_hash ) == VLC_SUCCESS )
+ {
+ free( p_hash );
+ msg_Info( p_update->p_libvlc, "Key authenticated" );
+ free( p_update->p_pkey );
+ p_update->p_pkey = p_new_pkey;
+ }
+ else
+ {
+ free( p_hash );
+ msg_Err( p_update->p_libvlc, "Key signature invalid !\n" );
+ goto error;
+ }
+ }
+
+ gcry_md_hd_t hd;
+ if( gcry_md_open( &hd, GCRY_MD_SHA1, 0 ) )
+ goto error_hd;
+
+ gcry_md_write( hd, psz_version_line, strlen( psz_version_line ) );
+ FREENULL( psz_version_line );
+ if( sign.type == TEXT_SIGNATURE )
+ gcry_md_putc( hd, '\r' );
+ gcry_md_putc( hd, '\n' );
+ gcry_md_write( hd, p_update->release.psz_url,
+ strlen( p_update->release.psz_url ) );
+ if( sign.type == TEXT_SIGNATURE )
+ gcry_md_putc( hd, '\r' );
+ gcry_md_putc( hd, '\n' );
+
+ char *psz_desc = p_update->release.psz_desc;
+ while( *psz_desc )
+ {
+ size_t i_len = strcspn( psz_desc, "\r\n" );
+ if( !i_len )
+ break;
+
+ gcry_md_write( hd, psz_desc, i_len );
+ if( sign.type == TEXT_SIGNATURE )
+ gcry_md_putc( hd, '\r' );
+ gcry_md_putc( hd, '\n' );
+
+ psz_desc += i_len;
+ while( *psz_desc == '\r' || *psz_desc == '\n' )
+ psz_desc++;
+ }
+
+ if( sign.version == 3 )
+ {
+ gcry_md_putc( hd, sign.type );
+ gcry_md_write( hd, &sign.specific.v3.timestamp, 4 );
+ }
+ else if( sign.version == 4 )
+ {
+ gcry_md_putc( hd, sign.version );
+ gcry_md_putc( hd, sign.type );
+ gcry_md_putc( hd, sign.public_key_algo );
+ gcry_md_putc( hd, sign.digest_algo );
+ gcry_md_write( hd, sign.specific.v4.hashed_data_len, 2 );
+ size_t i_len = scalar_number( sign.specific.v4.hashed_data_len, 2 );
+ gcry_md_write( hd, sign.specific.v4.hashed_data, i_len );
+ gcry_md_putc( hd, 0x04 );
+ gcry_md_putc( hd, 0xFF );
+
+ i_len += 6; /* hashed data + 6 bytes header */
+
+ gcry_md_putc( hd, (i_len >> 24) & 0xff );
+ gcry_md_putc( hd, (i_len >> 16) & 0xff );
+ gcry_md_putc( hd, (i_len >> 8) & 0xff );
+ gcry_md_putc( hd, (i_len) & 0xff );
+ }
+ else
+ { /* RFC 4880 only tells about versions 3 and 4 */
+ msg_Warn( p_update->p_libvlc, "Invalid signature version %d",
+ sign.version);
+ goto error_hd;
+ }
+
+ gcry_md_final( hd );
+
+ uint8_t *p_hash = gcry_md_read( hd, GCRY_MD_SHA1 );
+
+ if( p_hash[0] != sign.hash_verification[0] ||
+ p_hash[1] != sign.hash_verification[1] )
+ {
+ msg_Warn( p_update->p_libvlc, "Bad SHA1 hash for status file" );
+ goto error_hd;
+ }
+
+ if( verify_signature( sign.r, sign.s, &p_update->p_pkey->key, p_hash )
+ != VLC_SUCCESS )
+ {
+ msg_Err( p_update->p_libvlc, "BAD SIGNATURE for status file" );
+ goto error_hd;
+ }
+ else
+ {
+ msg_Info( p_update->p_libvlc, "Status file authenticated" );
+ gcry_md_close( hd );
+ return true;
+ }
+
+error_hd:
+ gcry_md_close( hd );